minecraft provided through downloadpilot.exe

Download Manager

LiveSoftAction

The program utilizes the Appscion Download and Install manager, an adware distribution bundler from SIEN SA. The setup program includes ad-supported toolbars and utilities. The application minecraft provided through downloadpilot.exe by LiveSoftAction has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Sien AppScion Download Manager installer. With this installer, users are expecting to download Minecraft but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
LiveSoftAction  (signed and verified)

Product:
Download Manager

Version:
1.0.11.0

MD5:
cf81b63efb49b0adcdadac0df6a5c5a9

SHA-1:
52c5cc5e7caeb22d64ca7d2a07aac7711d8694c7

SHA-256:
ca5a028329838daa1db89cac617a8f14e05b28574ef77a056ddc8410dc0c4410

Scanner detections:
18 / 68

Status:
Adware

Explanation:
This is a modified installer that uses the Appscion to bundle adware.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 1:28:48 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/GetNow.sjd
7.11.127.248

avast!
Win32:Installer-AC [PUP]
2014.9-141022

AVG
Adware Skodna.Bundle_r.V
2015.0.3314

Bkav FE
W32.Clod838.Trojan
1.3.0.4959

Comodo Security
UnclassifiedMalware
17695

Dr.Web
Adware.Downware.1910
9.0.1.0295

ESET NOD32
Win32/GetNow (variant)
8.9355

IKARUS anti.virus
AdWare.GetNow
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.177.12128

Malwarebytes
PUP.Optional.LiveSoftAction.A
v2014.10.22.07

McAfee
Artemis!CF81B63EFB49
5600.6970

NANO AntiVirus
Riskware.Win32.Downware.cxbrxc
0.28.0.59911

Reason Heuristics
DownloadManager.LiveSoftAction.i
14.10.22.7

Rising Antivirus
PE:Malware.Downware!6.773
23.00.65.141020

Sophos
Live Soft Action
4.97

Trend Micro House Call
TROJ_GEN.F47V0110
7.2.295

VIPRE Antivirus
Appscion
25946

File size:
609.9 KB (624,552 bytes)

Product version:
1.0.11.0

Copyright:
(c) LiveSoftAction. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Sien AppScion Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\minecraft provided through downloadpilot.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/4/2012 8:00:00 PM

Valid to:
6/5/2014 7:59:59 PM

Subject:
CN=LiveSoftAction, OU=SienAppNetwork, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=LiveSoftAction, L=Bucharest, S=functiune, C=RO

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
17E4CA22DB0D2CFD73BAACB9BD605BF7

File PE Metadata
Compilation timestamp:
12/19/2013 6:17:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:d1ry2E126OCkKIonA4dDt3VlU3cesrS7Nty90uA:Py92RCkK1AYD1VlU3L+2y1A

Entry address:
0x162EC0

Entry point:
60, BE, 00, 30, 4E, 00, 8D, BE, 00, E0, F1, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.8894

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
516 KB (528,384 bytes)

The file minecraft provided through downloadpilot.exe has been seen being distributed by the following 2 URLs.

Remove minecraft provided through downloadpilot.exe - Powered by Reason Core Security